State finds Dept. of State Lands security issue

During a regular cybersecurity assessment, security specialists at Oregon’s Enterprise Security Office identified an information security vulnerability on an internet-connected system with the Oregon Department of State Lands, officials said Friday.

In coordination with the Department of State Lands, the Enterprise Security Office began the assessment on Oct. 5. The impacted system was taken offline on Monday, October 8, after a potential vulnerability was determined. The vulnerability was confirmed on Thursday, during the course of the assessment.

The system contained some personal information, including names, addresses, birthdates and Social Security numbers. Through forensic investigations, security specialists have determined it is likely outside entities may have accessed some of this information.

The Department of State Lands will notify individuals whose information may have been compromised, and those individuals will be offered free credit monitoring.

At the direction of Governor Brown, the Enterprise Security Office conducts regular cybersecurity assessments of state agencies. These assessments are a proactive effort to minimize risk to the state’s electronic information systems and to best protect the information of Oregonians and businesses.